What sucks, who sucks and you suck

DNS/BIND Setup Using Cfengine

2005-07-15

It’s actually quite easy to automate the configuration of a BIND DNS server using Cfengine, even one run in a chroot environment. It’s also a good illustration of the non-obvious technique for copying multiple files using Cfengine’s copy action.

This [cf.dns](/scripts/cf.dns) file can be included in a Cfengine policy. It configures a primary DNS server and chrooted secondary DNS servers for Solaris 8 (on the assumption that the secondaries are placed on an insecure DMZ and identified as the authoritative name servers for your domain). It will also start the BIND daemon, keep it running and reload the configuration if it changes.

Requirements for running BIND under chroot on Solaris are covered elsewhere (or see "Setting up BIND8 in a change-rooted environment on Solaris" by Timo Sivonen in the July 2001 ;login:). The Cfengine copy action here copies multiple files from each directory by using several include statements with limited recursion. It also makes absolute copies of the required device nodes, which needs care since on Solaris these are really symlinks into /devices.

This config assumes the use of h2n (from the O’Reilly Cricket book) to generate the BIND database files on the primary from a master hosts file together with a Makefile that runs it. You can supply your own Makefile here if you need to do something else, or modify the rules as required. You’ll also need a db.cache bootstrap file, a db.127.0.0 localhost reverse lookup database file (which can be generated by h2n or copied from the primary) for the secondary servers, and an initialisation script (init.named_chroot) to start or stop BIND with chroot(1M) at boot time.
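The multi-file copy trick and the daemon handling described above, as an added Cfengine 2 illustration that is not the linked cf.dns file: the host names, the /export/named staging tree, the /chroot/named target, the named user and the init.named_chroot path are all assumed, and the device-node copies are left out.

```cfengine
# Added illustration (not the cf.dns from this page). Cfengine 2 syntax.
control:
    actionsequence = ( copy processes )

classes:
    # assumed host names
    dns_primary   = ( ns1 )
    dns_secondary = ( ns2 ns3 )

copy:
    dns_secondary::
        # Pull only the named files out of the primary's staging directory.
        # recurse=1 is what makes the include= patterns take effect;
        # without it the copy action treats the source as a single file.
        /export/named/etc   dest=/chroot/named/etc
                            server=ns1
                            include=named.conf
                            include=db.cache
                            include=db.127.0.0
                            recurse=1
                            type=checksum
                            owner=named
                            group=named
                            mode=0644
                            # set a class only when something actually changed
                            define=named_reload

processes:
    dns_secondary::
        # Keep BIND running inside the chroot (assumed startup script path).
        "named" restart "/etc/init.d/init.named_chroot start"

    named_reload::
        # BIND re-reads its configuration and zones on SIGHUP.
        "named" signal=hup
```

The `define=named_reload` class fires only on a run in which a file was updated, so the HUP is sent once per change rather than on every Cfengine pass.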